How to configure the VPN tunnel to allow only specific ports/protocols on the PIX/Adaptive Security Appliance (ASA)
By default, the security appliance allows IPsec packets to bypass interface access control lists (ACLs), so any traffic that arrives through the tunnel is permitted regardless of the outside ACL. In order to allow only specific traffic through a VPN tunnel, you must turn that bypass off and then apply an interface access list. Complete these steps (in addition to the basic VPN configuration) on the PIX/ASA:
1. Use the no form of these commands in order to disable sysopt connection permit-ipsec on PIX version 6.3 and sysopt connection permit-vpn on PIX/ASA version 7.x. Once the sysopt command is disabled, decrypted VPN traffic is checked against the ACL applied to the interface it enters.
2. Create an access list for traffic that enters the outside interface. Refer to this access-list example in order to allow only Telnet traffic (TCP port 23) from the 192.168.1.0/24 network to the 192.168.2.0/24 network; everything else is dropped by the implicit deny at the end of the list:
access-list outside_in extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq 23
3. Create an access group and bind it to the outside interface. For example:
access-group outside_in in interface outside
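The three steps combined into one ASA 7.x configuration fragment, shown as an added example that is not from the original post. The ACL name, interface name and subnets are the ones used above; the assumption that 192.168.1.0/24 is the remote site's LAN, the explicit deny-and-log entry and the verification commands are additions of this example.

```cisco
! Default (weak) state: IPsec traffic bypasses the outside interface ACL.
! "sysopt connection permit-vpn" is enabled by default and is not displayed
! in the running configuration, so the bypass is easy to overlook.

! Hardened: disable the bypass so decrypted tunnel traffic is filtered by
! the outside ACL. On PIX 6.3 the command is: no sysopt connection permit-ipsec
no sysopt connection permit-vpn

! Only Telnet from the remote site LAN (assumed 192.168.1.0/24) to the local
! LAN (192.168.2.0/24) is permitted through the tunnel.
access-list outside_in extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq 23

! Added: the implicit deny drops silently; an explicit deny with "log" makes
! tunnel traffic that violates the policy visible in syslog.
access-list outside_in extended deny ip any any log

! Bind the list to inbound traffic on the outside interface.
access-group outside_in in interface outside

! Verification (added): hit counts per entry confirm the tunnel traffic is
! actually being filtered, and the sysopt line confirms the bypass is off.
! show access-list outside_in
! show running-config sysopt
```

Note that the outside ACL also governs clear-text traffic arriving on that interface, so any existing entries for non-VPN traffic must stay in the same list.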